34 lines
		
	
	
		
			644 B
		
	
	
	
		
			Nix
		
	
	
	
	
	
			
		
		
	
	
			34 lines
		
	
	
		
			644 B
		
	
	
	
		
			Nix
		
	
	
	
	
	
| { lib, config, pkgs, ... }:
 | |
| 
 | |
| {
 | |
|     services.hydra = {
 | |
|       enable = true;
 | |
|       hydraURL = "http://localhost:3000";
 | |
|       notificationSender = "hydra@localhost";
 | |
|       useSubstitutes = true;
 | |
|     };
 | |
|     
 | |
|     networking.firewall = {
 | |
|       enable = true;
 | |
|       #allowedUDPPorts = [  ];
 | |
|       allowedTCPPorts = [ 3000 ];
 | |
|     };
 | |
| 
 | |
|     nix = {
 | |
|       settings.trusted-users = [
 | |
|         "hydra"
 | |
|       ];
 | |
| 
 | |
|       extraOptions = ''
 | |
|         secret-key-files = $(cat "${config.age.secrets."keys/nixsign".path}");
 | |
|       '';
 | |
|     };
 | |
|     
 | |
|     age.secrets."keys/nixsign" = {
 | |
|       file = ../../../secrets/keys/nixservepriv.age;
 | |
|       owner = "hydra";
 | |
|     };
 | |
| 
 | |
| 
 | |
| }
 |